Trainer Name: Riddhi Shree

Title: SecQAtion 2.0: Smart Automation for Identifying Web Security Vulnerabilities

Duration: 4 days (4 hrs each day)

Dates: May 10, 2022 To May 13, 2022

Time: 10 a.m. To 2 p.m. IST

Sold Out

Training Objective

The purpose of this training is to demonstrate ways to improve efficiency when testing an application for security vulnerabilities. The methods described can easily be used by security engineers, quality analysts, developers or anyone interested in finding security flaws in a target web application.

If you wish to explore the power of automation using open source tools, this training is for you. The capabilities can be further extended by integrating your favorite paid tools, if desired.

By the end of this training, you will have working code that can be used for running some initial checks on your target Web application. You will also learn skills that allow you to easily extend the code and customize it as per your needs.

Training level: Intermediate

Training outline

Day 1:
  • The problem statement, and an overview of the suggested solution
  • General understanding of the security testing approach
  • Introduction to Robot Framework
  • Robot Framework in action
  • Basic elements of Robot Framework
Day 2:
  • Understanding the need for an intercepting proxy tool
    Mitmproxy vs. Burp Suite
  • Configure Robot Framework to intercept API requests and responses
  • Case Study: Attacking DVWA with the help of Robot Framework
Day 3:
  • Quick review of Docker and Docker Compose
  • Building a Jenkins CI/CD pipeline
  • Securely serving the test report on cloud
  • Leveraging HTTPolice
  • Enabling parallel processing using pabot
Day 4:
  • Quick review of basics of Python programming
  • Creating a custom keywords library
  • Case Study: A demonstration of various attack/analysis scenarios using our automation framework

What to Bring?

The following needs to be installed on your laptop/computer:

Training prerequisites

It would be an advantage if you are comfortable in the following areas:

  • Writing Python functions
  • Writing a Dockerfile and a Jenkinsfile
  • Using Docker and Docker Compose
  • Running AWS CLI commands

Who Should Attend?

  • Security Engineers
  • Quality Analysts
  • Developers
  • Anyone interested in finding security flaws in Web applications, in an efficient and repeatable manner

What to Expect?

  • Gain an understanding of how to use the open source Robot Framework to your advantage as a security analyst
  • Hands-on experience with a semi-automated security testing approach

What attendees will get?

  • Pre-configured Virtual Machine
  • Well-documented steps for hands-on exercises
  • Training presentation

What not to expect?

Do not expect the trainer to troubleshoot issues during software installation. Bring an up-to-date laptop and ensure your system supports installation of the listed software.

About the Trainer

Riddhi Shree is a Security Analyst Consultant with experience in Web and mobile app security testing, test automation, functional testing, network pen testing, website development, mobile app development, and agile project management. She is a passionate learner. She enjoys creating CTF challenges and hosting CTF events. She is an active leader of the Winja community (an open community for security enthusiasts). She has developed an intentionally vulnerable cloud-based Android application called "VyAPI". She has given multiple technical talks and training sessions at various security conferences, including Nullcon, c0c0n, Hack-In-The-Box (HITB), ISC2, and BSides.